Many New Zealand businesses may be misjudging their ability to handle cyber threats, leaving them exposed to increasingly complex digital risks, according to new industry data.
A recent study conducted by IT services provider Datacom indicated that local organisations are showing a high degree of confidence in their cybersecurity readiness, but internal gaps persist.
The “State of Cybersecurity Index,” developed in partnership with TRA, surveyed more than 700 individuals, including security leaders and employees across New Zealand and Australia.
The report highlighted a significant disconnect between leadership perception and workforce experience. While 71% of security leaders stated that their teams were well informed about cyber risks, only 51% of employees agreed with that assessment.
Collin Penman, Datacom’s chief information security officer, said the findings point to a wider issue of misalignment between governance and operational preparedness.
“Some organisations are getting this right, with business continuity and resilience plans in place, but they remain the exception rather than the rule,” he said, as reported by RNZ. “Leaders are overestimating employee preparedness, and that overconfidence increases cyber risk.”
The study also found that only 26% of New Zealand-based cybersecurity leaders reported having formal business continuity or resilience plans. Penman said this signals a potential vulnerability for organisations as they face more advanced threats, particularly those involving artificial intelligence (AI).
AI-based attacks were ranked as the leading concern among respondents, surpassing phishing, social engineering, and DDoS attacks.
Penman added that while AI presents new risks, it can also be used to strengthen cyber defences – provided the tools are deployed effectively and across the organisation.
One area of concern was organisational responsibility. The majority of staff surveyed believed that cybersecurity was primarily the domain of IT departments. Only 30% viewed it as a shared responsibility across business functions.
This issue aligns with the global findings of the Allianz Risk Barometer 2025, which surveyed nearly 3,800 professionals in 106 countries.
Cyber incidents, including data breaches and system outages, were ranked as the most significant risk facing businesses globally for the fourth year in a row.
“It is likely to remain a top risk for organisations going forward, given the growing reliance on technology – the CrowdStrike incident in summer 2024 once again underlined how dependent we all are on secure and dependent IT systems,” said Rishi Baviskar, global head of cyber risk consulting at Allianz Commercial.
